6-1-06

I found what looks to be a very dodgy e-commerce site that may be exposing the payment details of Eurostar customers. I was about to book a trip using www.eurospecials.co.uk when I got to the bit where I would have entered my credit card details. I noticed that the page I would have entered my details into was not secure, which is safe in itself (but not good practice). For some reason, I wondered if the page the data would have been sent to was secure, so I entered some non-credit card details (card number 0000 0000 0000 0000) to see what happened. I was shocked to find that the page I had sent these details to was not secure either, and it really should have been, as anyone looking could have seen the information I sent.





I had a quick look for who holds the domain eurospecials.co.uk in the Whois databases but there was no helpful info. I then called Eurostar to ask them about it. They didn't seem to think that the domain was one of theirs, so the fact that there is a button on the eurospecials.co.uk site that clearly states "Click here to buy tickets from the official Eurostar site" is rather misleading and deeply concerning. The company seems to have done a pretty good job of replicating the official Eurostar page down to the last details, but the "official" Eurostar page that they send you to is also at eurospecials.co.uk!!!

I will update this when I get a full response from Eurostar. Be warned people... and listen to Security Now with Steve Gibson and Leo Laporte.

by JC